
Configuring APM Client Side NTLM Authentication

Introduction There have been a ton of requests on the boards for a simplified client side NTLM configuration, so based on Michael Koyfman’s excellent Leveraging BIG-IP APM for seamless client NTLM...
Published May 12, 2015
Version 1.0
authentication
BIG-IP Access Policy Manager (APM)
ntlm
security
Kevin_Stewart
Javier_124486
Dec 25, 2017

Hi everyone. So, after reviewing, we will go with a pre-check before NTLM. I am interested in the option suggested by Michael above, about reviewing the Windows registry, checking if the machine is joined to a corporate domain and, if so, NTLM, else Logon Page. I am going to assume that I will use/install Edge components for this and then "Windows Registry" -Client Side-, "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"."DefaultDomainName"="mydomain".

Now, since I cannot apply Michael's iRule from the very beginning (it will enforce NTLM right away), I will need to instruct the variable when it should be triggered (APM iRule event -ntlmon- right after the domain check is successful). So, the iRule should look like the one below, and since the non-corporate users will not pass the Windows registry, they will follow the fallback path to the logon page. My first concern is that I've never created an event with APM and I do not know if the device will accept the substitution of http request with "ntlmon".

when ntlmon {
        ECA::enable
        ECA::select select_ntlm:/Common/NTLM-auth
}

So, my question is: is this feasible, does it make sense? Of course I will try it in my environment, but it will take some time, and if somebody tried it before and it worked perfectly I will keep pushing; else, I will appreciate a plain "no".

Again, thank you so much for the info
